FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
61db9b88-d091-11e9-8d41-97657151f8c2Exim -- RCE with root privileges in TLS SNI handler

Exim developers report:

If your Exim server accepts TLS connections, it is vulnerable. This does not depend on the TLS libray, so both, GnuTLS and OpenSSL are affected.

The vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake. The exploit exists as a POC. For more details see the document qualys.mbx


Discovery 2019-09-02
Entry 2019-09-06
exim
< 4.92.2

https://git.exim.org/exim.git/blob_plain/2600301ba6dbac5c9d640c87007a07ee6dcea1f4:/doc/doc-txt/cve-2019-15846/cve.txt
3e0da406-aece-11e9-8d41-97657151f8c2Exim -- RCE in ${sort} expansion

Exim team report:

A local or remote attacker can execute programs with root privileges - if you've an unusual configuration.

If your configuration uses the ${sort } expansion for items that can be controlled by an attacker (e.g. $local_part, $domain). The default config, as shipped by the Exim developers, does not contain ${sort }.

The vulnerability is exploitable either remotely or locally and could be used to execute other programs with root privilege. The ${sort } expansion re-evaluates its items.

Exim 4.92.1 is not vulnerable.


Discovery 2019-07-18
Entry 2019-07-25
Modified 2019-07-26
exim
ge 4.85 lt 4.92.1

CVE-2019-13917
https://www.exim.org/static/doc/security/CVE-2019-13917.txt
45bea6b5-8855-11e9-8d41-97657151f8c2Exim -- RCE in deliver_message() function

Exim team and Qualys report:

We received a report of a possible remote exploit. Currently there is no evidence of an active use of this exploit.

A patch exists already, is being tested, and backported to all versions we released since (and including) 4.87.

The severity depends on your configuration. It depends on how close to the standard configuration your Exim runtime configuration is. The closer the better.

Exim 4.92 is not vulnerable.


Discovery 2019-05-27
Entry 2019-06-06
exim
ge 4.87 lt 4.92

CVE-2019-10149
https://www.exim.org/static/doc/security/CVE-2019-10149.txt